Google adds 24-hour sideloading delay amid 17 malware families in 4 months, reducing scam-driven installs and device ...

Outdated iOS exploited via Coruna, DarkSword kits through web attacks, enabling mass data theft on unpatched devices.

EDR killers exploit 34 vulnerable drivers via BYOVD, gaining kernel access to disable defenses, increasing ransomware success rates.

DoJ disrupts IoT botnets behind 31.4 Tbps DDoS attacks using 3M devices, reducing global extortion-driven outages.

Speagle malware exploits Cobra DocGuard servers to exfiltrate sensitive data, indicating targeted espionage risks for protected systems.

Claude Code bypasses security controls by acting locally before monitoring, exposing data risks and audit gaps.

Perseus Android malware uses accessibility abuse via phishing apps to enable device takeover and financial fraud across multiple countries.

ThreatsDay roundup covering stealthy attacks, phishing trends, exploit chains, and rising security risks across the threat landscape.

Interlock exploits CVE-2026-20131 zero-day since Jan 26, enabling root access on Cisco FMC, increasing ransomware risks.

Sansec is warning of a critical security flaw in Magento's REST API that could allow unauthenticated attackers to upload arbitrary executables and achieve code execution and account takeover. The ...

Ubuntu CVE-2026-3888 flaw exploits cleanup timing in snap-confine to gain root access, risking full system compromise.

Apple fixes WebKit CVE-2026-20643 in iOS 26.3.1, macOS 26.3.2 using background patches, reducing exploit risk.